public unsafe static int AcquireCredentialsHandle(
string package,
Interop.Secur32.CredentialUse intent,
ref SafeSspiAuthDataHandle authdata,
out SafeFreeCredentials outCredential)
{
int errorCode = -1;
long timeStamp;
outCredential = new SafeFreeCredential_SECURITY();
errorCode = Interop.Secur32.AcquireCredentialsHandleW(
null,
package,
(int)intent,
null,
authdata,
null,
null,
ref outCredential._handle,
out timeStamp);
if (errorCode != 0)
{
outCredential.SetHandleAsInvalid();
}
return(errorCode);
}
public unsafe static int AcquireCredentialsHandle(
string package,
Interop.Secur32.CredentialUse intent,
ref Interop.Secur32.SecureCredential authdata,
out SafeFreeCredentials outCredential)
{
GlobalLog.Print("SafeFreeCredentials::AcquireCredentialsHandle#2("
+ package + ", "
+ intent + ", "
+ authdata + ")");
int errorCode = -1;
long timeStamp;
// If there is a certificate, wrap it into an array.
// Not threadsafe.
IntPtr copiedPtr = authdata.certContextArray;
try
{
IntPtr certArrayPtr = new IntPtr(&copiedPtr);
if (copiedPtr != IntPtr.Zero)
{
authdata.certContextArray = certArrayPtr;
}
outCredential = new SafeFreeCredential_SECURITY();
errorCode = Interop.Secur32.AcquireCredentialsHandleW(
null,
package,
(int)intent,
null,
ref authdata,
null,
null,
ref outCredential._handle,
out timeStamp);
}
finally
{
authdata.certContextArray = copiedPtr;
}
#if TRACE_VERBOSE
GlobalLog.Print("Unmanaged::AcquireCredentialsHandle() returns 0x"
+ errorCode.ToString("x")
+ ", handle = " + outCredential.ToString());
#endif
if (errorCode != 0)
{
outCredential.SetHandleAsInvalid();
}
return(errorCode);
}
internal void AcquireDefaultCredential(string packageName, Interop.Secur32.CredentialUse intent)
{
if (!s_log.IsEnabled())
{
return;
}
string arg1Str = "";
if (packageName != null)
{
arg1Str = packageName;
}
s_log.WriteEvent(ACQUIRE_DEFAULT_CREDENTIAL_ID, arg1Str, intent);
}
internal static void AcquireCredentialsHandle(string packageName, Interop.Secur32.CredentialUse intent, object authdata)
{
if (!s_log.IsEnabled())
{
return;
}
string arg1Str = "";
if (packageName != null)
{
arg1Str = packageName;
}
s_log.AcquireCredentialsHandle(arg1Str, intent, LoggingHash.GetObjectName(authdata));
}
//
// Security: we temporarily reset thread token to open the handle under process account.
//
private static SafeFreeCredentials AcquireCredentialsHandle(Interop.Secur32.CredentialUse credUsage, Interop.Secur32.SecureCredential secureCredential)
{
// First try without impersonation, if it fails, then try the process account.
// I.E. We don't know which account the certificate context was created under.
try
{
//
// For app-compat we want to ensure the credential are accessed under >>process<< acount.
//
return(WindowsIdentity.RunImpersonated <SafeFreeCredentials>(SafeAccessTokenHandle.InvalidHandle, () => {
return SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPISecureChannel, SecurityPackage, credUsage, secureCredential);
}));
}
catch
{
return(SSPIWrapper.AcquireCredentialsHandle(GlobalSSPI.SSPISecureChannel, SecurityPackage, credUsage, secureCredential));
}
}
public unsafe static int AcquireCredentialsHandle(
string package,
Interop.Secur32.CredentialUse intent,
ref Interop.Secur32.AuthIdentity authdata,
out SafeFreeCredentials outCredential)
{
GlobalLog.Print("SafeFreeCredentials::AcquireCredentialsHandle#1("
+ package + ", "
+ intent + ", "
+ authdata + ")");
int errorCode = -1;
long timeStamp;
outCredential = new SafeFreeCredential_SECURITY();
errorCode = Interop.Secur32.AcquireCredentialsHandleW(
null,
package,
(int)intent,
null,
ref authdata,
null,
null,
ref outCredential._handle,
out timeStamp);
#if TRACE_VERBOSE
GlobalLog.Print("Unmanaged::AcquireCredentialsHandle() returns 0x"
+ String.Format("{0:x}", errorCode)
+ ", handle = " + outCredential.ToString());
#endif
if (errorCode != 0)
{
outCredential.SetHandleAsInvalid();
}
return(errorCode);
}
internal unsafe void AcquireCredentialsHandle(string packageName, Interop.Secur32.CredentialUse intent, string authdata)
{
if (!s_log.IsEnabled())
{
return;
}
const int SIZEDATA = 3;
fixed(char *arg1Ptr = packageName, arg2Ptr = authdata)
{
EventData *dataDesc = stackalloc EventSource.EventData[SIZEDATA];
dataDesc[0].DataPointer = (IntPtr)(arg1Ptr);
dataDesc[0].Size = (packageName.Length + 1) * sizeof(char);
dataDesc[1].DataPointer = (IntPtr)(&intent);
dataDesc[1].Size = sizeof(int);
dataDesc[2].DataPointer = (IntPtr)(arg2Ptr);
dataDesc[2].Size = (authdata.Length + 1) * sizeof(char);
WriteEventCore(ACQUIRE_CREDENTIALS_HANDLE_ID, SIZEDATA, dataDesc);
}
}
public unsafe static int AcquireDefaultCredential(
string package,
Interop.Secur32.CredentialUse intent,
out SafeFreeCredentials outCredential)
{
GlobalLog.Print("SafeFreeCredentials::AcquireDefaultCredential("
+ package + ", "
+ intent + ")");
int errorCode = -1;
long timeStamp;
outCredential = new SafeFreeCredential_SECURITY();
errorCode = Interop.Secur32.AcquireCredentialsHandleW(
null,
package,
(int)intent,
null,
IntPtr.Zero,
null,
null,
ref outCredential._handle,
out timeStamp);
#if TRACE_VERBOSE
GlobalLog.Print("Unmanaged::AcquireCredentialsHandle() returns 0x"
+ errorCode.ToString("x")
+ ", handle = " + outCredential.ToString());
#endif
if (errorCode != 0)
{
outCredential.SetHandleAsInvalid();
}
return errorCode;
}
private int AcquireCredentialsHandle(string moduleName, bool IsInBoundCred, ref Interop.Secur32.SecureCredential authdata, out SafeFreeCredentials outCredential)
{
Interop.Secur32.CredentialUse intent = IsInBoundCred ? Interop.Secur32.CredentialUse.Inbound : Interop.Secur32.CredentialUse.Outbound;
return(SafeFreeCredentials.AcquireCredentialsHandle(moduleName, intent, ref authdata, out outCredential));
}
public int AcquireDefaultCredential(string moduleName, bool IsInBoundCred, out SafeFreeCredentials outCredential)
{
Interop.Secur32.CredentialUse intent = IsInBoundCred ? Interop.Secur32.CredentialUse.Inbound : Interop.Secur32.CredentialUse.Outbound;
return(SafeFreeCredentials.AcquireDefaultCredential(moduleName, intent, out outCredential));
}
public int AcquireCredentialsHandle(string moduleName, Interop.Secur32.CredentialUse usage, ref Interop.Secur32.SecureCredential authdata, out SafeFreeCredentials outCredential)
{
return(SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, ref authdata, out outCredential));
}
public int AcquireDefaultCredential(string moduleName, Interop.Secur32.CredentialUse usage, out SafeFreeCredentials outCredential)
{
return(SafeFreeCredentials.AcquireDefaultCredential(moduleName, usage, out outCredential));
}
public static SafeFreeCredentials AcquireDefaultCredential(SSPIInterface secModule, string package, Interop.Secur32.CredentialUse intent)
{
GlobalLog.Print("SSPIWrapper::AcquireDefaultCredential(): using " + package);
if (Logging.On)
{
Logging.PrintInfo(
Logging.Web,
"AcquireDefaultCredential(" +
"package = " + package + ", " +
"intent = " + intent + ")");
}
SafeFreeCredentials outCredential = null;
int errorCode = secModule.AcquireDefaultCredential(package, intent, out outCredential);
if (errorCode != 0)
{
#if TRACE_VERBOSE
GlobalLog.Print("SSPIWrapper::AcquireDefaultCredential(): error " + Interop.MapSecurityStatus((uint)errorCode));
#endif
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.Format(SR.net_log_operation_failed_with_error, "AcquireDefaultCredential()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
return(outCredential);
}
public static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface secModule, string package, Interop.Secur32.CredentialUse intent, ref SafeSspiAuthDataHandle authdata)
{
if (Logging.On)
{
Logging.PrintInfo(Logging.Web,
"AcquireCredentialsHandle(" +
"package = " + package + ", " +
"intent = " + intent + ", " +
"authdata = " + authdata + ")");
}
SafeFreeCredentials credentialsHandle = null;
int errorCode = secModule.AcquireCredentialsHandle(package, intent, ref authdata, out credentialsHandle);
if (errorCode != 0)
{
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.Format(SR.net_log_operation_failed_with_error, "AcquireCredentialsHandle()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
return(credentialsHandle);
}
public static SafeFreeCredentials AcquireDefaultCredential(SSPIInterface secModule, string package, Interop.Secur32.CredentialUse intent)
{
GlobalLog.Print("SSPIWrapper::AcquireDefaultCredential(): using " + package);
if (SecurityEventSource.Log.IsEnabled())
{
SecurityEventSource.Log.AcquireDefaultCredential(package, intent);
}
SafeFreeCredentials outCredential = null;
int errorCode = secModule.AcquireDefaultCredential(package, intent, out outCredential);
if (errorCode != 0)
{
#if TRACE_VERBOSE
GlobalLog.Print("SSPIWrapper::AcquireDefaultCredential(): error " + Interop.MapSecurityStatus((uint)errorCode));
#endif
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.PrintError(NetEventSource.ComponentType.Security, SR.Format(SR.net_log_operation_failed_with_error, "AcquireDefaultCredential()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
return(outCredential);
}
public static SafeFreeCredentials AcquireCredentialsHandle(SSPIInterface secModule, string package, Interop.Secur32.CredentialUse intent, ref SafeSspiAuthDataHandle authdata)
{
if (SecurityEventSource.Log.IsEnabled())
{
SecurityEventSource.AcquireCredentialsHandle(package, intent, authdata);
}
SafeFreeCredentials credentialsHandle = null;
int errorCode = secModule.AcquireCredentialsHandle(package, intent, ref authdata, out credentialsHandle);
if (errorCode != 0)
{
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.PrintError(NetEventSource.ComponentType.Security, SR.Format(SR.net_log_operation_failed_with_error, "AcquireCredentialsHandle()", String.Format(CultureInfo.CurrentCulture, "0X{0:X}", errorCode)));
}
throw new Win32Exception(errorCode);
}
return(credentialsHandle);
}
